GDPR Statement

Published on February 16, 2020

The document provides a policy statement regarding the data protection obligations of our Parish, thus ensuring that we comply to Data Protection Regulations within Irish Legislation. This policy applies to all personal data collected and stored in the course of its’ activities.

What is Personal Data?
Personal Data relates to a living individual and from this data an individual can be identified. This policy covers both personal and sensitive personal data held in relation to data subjects of the Parish. This policy applies to personal data held in manual and automated form. The processing of personal data is governed by the General Data Protection Regulations (GDPR).

Who we are and How we Process your Personal Data?

CATHEDRAL OF THE ASSUMPTION, CARLOW Parish is the Data Controller. The Parish complies with its obligations under GDPR by;
• Obtaining and processing the information fairly
• Keeping it for one or more specified, explicit and lawful purpose
• Using and disclosing the information only in ways that are compatible with these purposes
• Keeping the information safe and secure
• Keeping the information accurate, complete and up-to-date
• Ensuring that the information is adequate, relevant and not excessive
• Retaining the information for no longer than is necessary
• Give a copy of the personal information to an individual following the Data Subject Access Request Procedure

What do we use your Personal Data for?

Data is collected from parishioners, employees, volunteers and contractors. CCTV cameras are also in operation for security purposes and there are clear signs outlining their use.

What is your Personal Data Used for?
• To administer records held by us on members of the congregation e.g Baptismal, Confirmation and Marriage Records.
• To fundraise and promote the interests of the parish
• To manage our employees and volunteers
• To manage rotas for altar servers, ministers of the Eucharist etc.
• To maintain our accounts and records including the processing of donations and tax rebates
• To inform you of any news, events and activities that are running in the Parish

What is the Legal Basis for Processing your Personal Data
• Explicit consent of the data subject so that you can be informed about news, events, activities and services, for processing your donations and keep you informed about events in the Diocese.
• Processing of personal data is necessary for carrying out obligations under employment law, financial laws and other legal requirements.
• Processing is carried out by a not-for-profit body with a religious aim provided that the processing relates to congregation members or former members (or those who have regular contact with the Parish in connection with those purposes) and
• There is no disclosure to a third party without consent.

Sharing your Personal Data

Your personal data will be treated as strictly confidential and will only be shared with other clergy or staff of the parish for the purposes connected to the Parish. We will only share your data with third parties outside the parish with your consent.

How long do we keep your Personal Data?

We retain data in accordance with the guidance set out within Irish Data Protection Legislation. Specifically, records of donations and associated paperwork are retained for 6 years after the calendar year to which they relate. Parish registers such as Baptisms, Marriages, Confirmations are kept permanently.

Your Rights and Your Personal Data

Under the Data Protection Regulations, you have the right to request access to the personal information held about you. Any requests should be addressed to the Parish Priest (contact details below). Requests should be dealt with, within 30 days of receipt, unless there is a reason for the delay, which is justifiable. You have the following rights;
• Right of Access – You have the right to access information we hold about you.
• Right of Correction – You have the right to correct information that is inaccurate or incomplete.
• Right of Erasure – In certain circumstances you can ask for data that we hold about you to be erased i.e. the right to be forgotten.
• Right to Restriction of Processing – Where certain conditions apply, you have the right to restrict processing of your personal data
• Right of Portability – Subject to certain circumstances, you have the right to have any data that we hold about you transferred to another organisation where we hold it in electronic form.
• Right to Object – You have the right to object to certain types of processing of data.
• The Right to lodge a complaint with the Data Protection Commissioner’s Office.

Further Processing

To exercise any relevant rights, queries or complaints please contact:
Parish Priest Fr. Ruairi O’Domhnaill ADM

Phone 059 913 1757 E-mail info@carlowcathedral.ie

You may also contact the Data Protection Commissioner Office on 00-353-57-8684800 or Lo-call 1890-252-231 or by e-mail info@dataprotection.ie or by Post to; Data Protection Commissioner, Canal House, Station Road, Portarlington R32 AP23 Co. Laois or their Dublin Office, 21 Fitzwilliam Square, Dublin 2 D02 RD28.